Hello,

Brad Hubbard wrote:
> 
> Can I get some feedback on the conventional wisdom as to the best solution
> for high volume registration and authentication of users accessing a secure
> site? I have worked before with database/session based methods as well as
> htaccess. Which is preferred? Are there alternatives?

Probably the fastest way to keep session profile information is by
serializing the data array into a string that will be encrypted and then
stored in a cookie. The security weakness of this method is that if the
secret key leaks, hackers may use it to forge new sessions.

A more secure but eventually less scalable method is to store the
session data in a shared memory cache, so you minimize database accesses
to just one after the server is restarted. This is probably the one you
want to use as long as you know how to deal with shared memory and
semaphores.

Regards,
Manuel Lemos

-- 
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
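
The encrypted-cookie approach described in the reply, as an added example that is not part of the original message: it seals the session with AES-256-GCM through PHP's OpenSSL extension, uses JSON rather than `serialize()`, embeds an expiry, and prefixes a key id so that a leaked key can be retired. The function names, key ids and demo keys are assumptions made up for illustration.

```php
<?php
declare(strict_types=1);

// Constructed demo keys (32 bytes each); real keys belong in a secret store.
// Deleting an entry here invalidates every cookie sealed under that key id.
function session_keys(): array
{
    return [
        'k2' => hash('sha256', 'constructed-demo-key-2', true), // current
        'k1' => hash('sha256', 'constructed-demo-key-1', true), // being retired
    ];
}

function seal_session(array $data, int $ttl, string $kid = 'k2'): string
{
    $plain = json_encode(['exp' => time() + $ttl, 'data' => $data], JSON_THROW_ON_ERROR);
    $nonce = random_bytes(12);
    $tag   = '';
    // AES-256-GCM encrypts and authenticates; the key id is bound in as AAD.
    $ct = openssl_encrypt($plain, 'aes-256-gcm', session_keys()[$kid],
                          OPENSSL_RAW_DATA, $nonce, $tag, $kid);
    return $kid . '.' . base64_encode($nonce . $tag . $ct);
}

function open_session(string $cookie): ?array
{
    $parts = explode('.', $cookie, 2);
    $key   = session_keys()[$parts[0]] ?? null;
    $raw   = base64_decode($parts[1] ?? '', true);
    if ($key === null || $raw === false || strlen($raw) < 29) {
        return null; // unknown or retired key id, or malformed value
    }
    $plain = openssl_decrypt(substr($raw, 28), 'aes-256-gcm', $key, OPENSSL_RAW_DATA,
                             substr($raw, 0, 12), substr($raw, 12, 16), $parts[0]);
    if ($plain === false) {
        return null; // tag check failed: modified cookie or wrong key
    }
    $payload = json_decode($plain, true);
    if (!is_array($payload) || ($payload['exp'] ?? 0) < time()) {
        return null; // expired
    }
    return is_array($payload['data'] ?? null) ? $payload['data'] : null;
}

// Round trip, then the same cookie with its last characters altered.
$cookie = seal_session(['uid' => 42, 'role' => 'member'], 900);
var_dump(open_session($cookie));
var_dump(open_session(substr($cookie, 0, -4) . 'AAAA'));
```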
